Anti-hacking system

ABSTRACT

A system which discourages corruption of data within a network of computers. A refresh computer monitors the information within a hosting computer and periodically refreshes the information. The hosting computer provides the information to remote computers via the network. The refreshing action occurs either periodically or when a corruption of the information is detected. In some embodiments of the invention the hosting computer and the refresh computer are contained within the same housing; in other embodiments, the hosting computer and the refreshing computer communicate via the primary network or a secondary network.

BACKGROUND OF THE INVENTION

[0001] This invention relates generally to computer systems and more particularly to computer systems used on as a distributed network of computers.

[0002] Whenever a computer is connected to a network (such as the Internet or any other publicly accessible system), corruption of the data/information on the computer increases significantly. While there is a slight risk that increased use of the computer's data/information will cause the data/information to generate “bugs”, the biggest risk comes from the intentional interference with the data/information by third parties.

[0003] Commonly called “hacking”, a significant number of users find joy in the challenge of going into another's computer and either leaving a “tag” (changing the image or verbiage) or withdrawing proprietary information.

[0004] In the case of information used for national security, a large number of “firewalls” and other techniques are used to assure that only authorized personnel have access to the information. These techniques and firewalls require a great deal of maintenance and expertise to keep them from failing as there is always pressure from hackers trying to improperly enter the sites.

[0005] In the case of commercial sites, everyone is “authorized” and everyone represents a potential customer; but, all too often a hacker will enter the site and alter the site's verbiage or graphics to present an image other than that sought by the owner of the site.

[0006] As example, a commercial site that supplies automobile parts for a particular brand of vehicles, would not like a hacker placing denigrating comments about that brand of vehicle on the site.

[0007] In some cases, these “hackings” are obvious and the owner of the site is able to review the material periodically; but, when the commercial site grows to include hundreds or even a thousand pages, a simple review is never enough.

[0008] Another pronounced problem that commercial sites have encountered is the protection of sensitive information. With the expanding use of credit cards for purchases, the site's data base of submitted credit cards can be just too tempting, thereby encouraging a hacker to obtain the credit card information for criminal activities.

[0009] It is clear from the foregoing that there is a need to preserve the integrity of material which is placed on a distributed system of computers such as the Internet.

SUMMARY OF THE INVENTION

[0010] The present invention creates a system which discourages corruption of data within a network of computers.

[0011] In this context, the use of the term “network” is meant to apply to a wide range of computer interconnecting systems well known to those of ordinary skill in the art, such as but limited to: the Internet, Intranets, and modem based bulletin boards.

[0012] Within this discussion, the terms “information” and “data” are interchangeable and are used to include any material deliverable by one computer to another. This includes, but is not limited to such items as: images, text, programs, and hyper-links. Those of ordinary skill in the art readily recognize other such materials.

[0013] In general, the system employs the use of a hosting computer with which a consumer interacts to obtain the information or data. A second computer, referenced as the refresh computer, serves to monitor the data/information within the hosting computer.

[0014] The refresh computer monitors the information within the hosting computer and preserves its integrity through one of two principal ways by refreshing the data: (1) periodically; or, (2) whenever a corruption of the information is detected.

[0015] In the case of periodically refreshing the data, pre-determined data/information is stored on the refresh computer. After a defined time period has elapsed, the refreshing computer erases the information/data on the hosting computer and replaces it with the pre-determined data/information onto the hosting computer.

[0016] The time period is often set at a short period of time (say every five minutes), but in some embodiments, a user of the refresh computer is able to define the time period between refresh activities to meet the needs of the particular site. A site that is more prone to hacking may have a time period of a minute or less; another less critical site might do the refresh every hour.

[0017] In doing this, any corruption that may have existed is erased and the commercial site is assured that its data/information is kept at the pre-determined status. Since the hacker's efforts are constantly being erased, the “joy” that the hacker experiences is short-lived; thereby encouraging the hacker to seek out easier sites where his/her efforts will be noticed.

[0018] In the second methodology, the information/data within the hosting computer is compared with the pre-determined information/data on the refreshing computer; if a match does not exist (thereby indicating that a corruption problem exists), then the refreshing computer erases the information/data within the hosting computer and places the good information/data in the hosting computer for dissemination therefrom.

[0019] By keeping the information/data within the refresh computer away from network access, the user is assured that it cannot be hacked.

[0020] In some embodiments of the invention, the hosting computer and the refresh computer are contained within the same housing. This embodiment is particularly useful as it creates a single site for the entire operation and provides a system that transparently provides anti-hacking capabilities.

[0021] In other embodiments, the hosting computer and the refresh computer communicate via the network used by the hosting computer and the customer. This embodiment allows a single refresh computer to have easy access to a variety of hosting computers.

[0022] In yet another embodiment, a secondary network is used as the link between the refresh computer and hosting computer. Those of ordinary skill in the art recognize a variety of such secondary networks, such as, but limited to, phone lines with the use of modems.

[0023] The invention, together with various embodiments thereof, will be more fully explained by the accompanying drawings and the following description thereof.

DRAWINGS IN BRIEF

[0024] FIG. 1 is a block diagram of a typical computer.

[0025] FIGS. 2A, 2B, 2C, and 2D are functional block diagrams of differing embodiments of the present invention.

[0026] FIG. 3 illustrates a typical screen display at the consumer/remote-user site.

[0027] FIG. 4 is a flowchart of the preferred embodiment of the invention.

[0028] FIG. 5 is a flowchart of an alternative embodiment of the invention.

[0029] FIG. 6 is a flowchart of an embodiment of the invention in which a single refresh computer is used to monitor and up-date numerous hosting computers.

[0030] FIG. 7 is a block diagram of a system which places the refresh computer and the hosting computer within a single housing.

DRAWINGS IN DETAIL

[0031] FIG. 1 is a block diagram of a typical computer.

[0032] While FIG. 1 diagrams a typical computer, those of ordinary skill in the art readily recognize that a large number of variations and alternative designs are available for a computer. The invention is not intended to be limited to this sole configuration.

[0033] Computer 10 contains a Central Processing Unit (CPU) 11 which controls the functions of the assembly. CPU 11 is able to draw data from memory 14 and also to place data into memory 14. Memory 14 includes both volatile memory and non-volatile memory.

[0034] Data from memory 14 is used by CPU 11 and is communicated to a network 18 (such as the Internet or phone system) via modem 12. In some embodiments, modem 12 is replaced with a different type of interface to meet the needs of the particular network 18 being addressed.

[0035] CPU 11 is able to communicate with an operator via input interface 13 which receives operator generated information 16 (such as from a keyboard or a touch pad). Visual information is communicated to the operator via a visual display device 17 which is driven by display interface 15.

[0036] FIGS. 2A, 2B, 2C, and 2D are functional block diagrams of differing embodiments of the present invention.

[0037] FIG. 2A is the preferred embodiment of the invention. In this illustration, Internet 20A is used as the computer networking system; those of ordinary skill in the art readily recognize a variety of networks which are suitable in this situation. This includes, but is not limited to: phone systems, intranets, and wireless networks.

[0038] Consumer computer 21A communicates with hosting computer 22A via Internet 20A. Hosting computer 22A contains informational data and ordering information. This data includes promotional material on products offered for sale by hosting computer 22A, reference information (such as a library would provide), as well as many other types of information.

[0039] Further, hosting computer 22A is able to receive data from consumer computer 21A via the Internet 20A. This type of information often includes sensitive or private information such as financial records (i.e. credit card numbers and checking account numbers), information identifying the user of consumer computer 21A (i.e. social security numbers), and personal data (i.e. health records).

[0040] As noted earlier, often hackers want to either disrupt the informational data or want to obtain the sensitive data.

[0041] Refresh computer 23A communicates with hosting computer 22A to monitor the integrity of the data within hosting computer 22A. The integrity of the data within hosting computer 22A is assured by either: periodically refreshing the data within hosting computer 22A with pre-determined data from refresh computer 23A; or, by checking the data within hosting computer 22A with the pre-determined data from refresh computer 23A and refreshing hosting computer 22A if an error is detected.

[0042] In practice, the web designer for hosting computer 22A supplies the pre-determined data to the refresh computer 23A to use as a template. Since refresh computer 23A, in this embodiment, only communicates with hosting computer 22A and is not capable of communicating via Internet 20A, the predetermined data within refresh computer 23A remains “unspoiled”.

[0043] As further security, sensitive information supplied by the user of consumer computer 21A is periodically pulled from hosting computer 22A and erased from hosting computer 22A. This sensitive data is kept on refresh computer 23A, away from the hacker's access.

[0044] As shown in this figure, other consumer computers 24 are also able to operate in the same manner as outlined above relative to consumer computer 21A.

[0045] FIG. 2B is an alternative embodiment of the invention in which the hosting computer 22B and the refresh computer 23B are located within the same housing 25. FIG. 7 gives a block diagram of one configuration for this embodiment.

[0046] As before, hosting computer 22B and consumer computer 21B share information via Internet 20B. Although only a single consumer computer 21B is depicted, this embodiment, together with the other embodiments, contemplates numerous consumer computers accessing Internet 20B.

[0047] The data/information on hosting computer 22B together with the sensitive data provided by the user of consumer computer 21B is protected by refresh computer 23B.

[0048] In this embodiment, hosting computer 22B and refresh computer 23B are contained within housing 25. This embodiment is particularly useful for an Internet Service Provider (ISP) as the single housing provides for a secure treatment of data; and, this security is “transparent” to the ISP user. To the ISP user, the web page and programs are merely stored on the refresh computer 23B, which automatically up-grades and maintains the web-pages and programs on hosting computer 22B.

[0049] FIG. 2C is an alternative embodiment of the invention in which refresh computer 23C and hosting computer 22C communicate via the network.

[0050] Consumer 21C is able to obtain information/data from hosting computer 22C via Internet 20C. As described earlier, sensitive data from the consumer 21C is communicated to hosting computer 20C via Internet 20C.

[0051] The refreshing of the information within hosting computer 22C and the withdrawal of the sensitive data within hosting computer 22C is accomplished the same as outlined above, except that, in this embodiment the communication between refresh computer 23C and hosting computer 22C is accomplished via Internet 20C. Ideally, to provide added security, refresh computer 23C is not accessible by any other computer over Internet 20C; and, refresh computer 23C only communicates with hosting computer 22C.

[0052] While the discussions herein are directed to a single refresh computer communicating with a single hosting computer, the invention is not so limited. Another embodiment of the invention allows for a single refresh computer to assist a number of hosting computers by cycling through all of them to assure each hosting computer's integrity.

[0053] FIG. 2D illustrates an embodiment of the invention in which a second network is used for the communication between the refresh computer and the hosting computer.

[0054] As described earlier, consumer computer 21D exchanges data and information via Internet 20D with hosting computer 22D. Also, as described above, refresh computer 23D is used to maintain the integrity of the contents of hosting computer 22D.

[0055] In this embodiment though, refresh computer 23D and hosting computer 22D communicate via a secondary network 26. Those of ordinary skill in the art recognize a variety of secondary networks such as an intranet or a phone system.

[0056] FIG. 3 illustrates a typical screen display at the consumer/remote-user site.

[0057] Screen 30, in this illustration, shows a fictitious company's web-page giving a photograph 31 together with various links 32. A hacker might change the photograph to a derogatory one, or might change the links (or their underlying page) for some purpose. The present invention maintains the program defining this page as pre-determined data in the refresh computer. By selectively refreshing this data/information within the hosting computer, the hosting computer is assured that the data/information is correct and the web-page remains as intended.

[0058] As example, if a hacker were to change the information/data on the hosting computer, then this alteration would be noticed and automatically refreshed; thereby eliminating the hacker's efforts. The elimination of the “fruits” of the hacker's efforts significantly dissuades the hacker from altering this site.

[0059] FIG. 4 is the preferred flowchart of the operation of the refresh computer.

[0060] Once the program has started 40A, the user of the system enters the time period 41A which is to be used for the operation. In this embodiment, the contents of the host computer are refreshed automatically at the end or beginning of the time period. While this time period is optionally any time selected by the user, a shorter time period is called for when the host computer is more active.

[0061] The program pulls the pre-defined data from memory 41B and the contents (information/data) of the host computer are refreshed 42.

[0062] The program then checks for an interrupt 43A from the operator of the refresh computer indicating that the program is to stop 40B. If no interrupt has been received 43A, then the time lapse is checked to see if the period has expired 43B; if it has, then the contents of the host computer are refreshed 42; otherwise, the program returns to check for an interrupt 43A.

[0063] In this manner, the refresh computer continuously refreshes the contents of the host computer; thereby assuring the integrity of the contents of the host computer.

[0064] FIG. 5 is a flowchart of an alternative embodiment of the invention.

[0065] After start 50A, the period for review is collected 51A. While the period is sometimes entered by an operator of the refresh computer, in some cases the period is stored within the memory of the refresh computer in a data file and is simply retrieved after start of the program.

[0066] The pre-defined data 51B is withdrawn from the memory of the refresh computer and the corresponding data from the host computer is obtained 51C.

[0067] A comparison between the pre-defined data and the host computer's data is then made 52A to see if there is a difference. If a difference exists, then the contents within the host computer are refreshed; otherwise a check is made to see if the operator of the refresh computer has interrupted the program 52B. If there is an interrupt, then the program stops 50B.

[0068] If there isn't an interrupt, then the program determines if the time period has elapsed 52C. Until the time has elapsed, the program loops back checking for an interrupt 52B; upon the completion of the time period, the program loops back to again withdraw the contents of the host computer 51C, and the program continues.

[0069] This embodiment of the invention is powerful in that the contents are only refreshed if the contents of the host computer have lost their integrity.

[0070] FIG. 6 is a flowchart of an embodiment of the invention in which a single refreshing computer is used to monitor and up-date numerous hosting computers.

[0071] After start 60A, the program establishes the first host computer to monitor 61A. The selected host computer's URL is established 61B and the first page within that host computer is established 61C.

[0072] The pre-defined data for the page in question is withdrawn 62A and the page from the host computer is obtained 62B. A comparison of the two is made to see if there is a difference 63A. If there is a discrepancy, then the page is refreshed 61D.

[0073] The program checks for an interrupt 63B and stops 60B if an interrupt is sensed.

[0074] If no interrupt 63B has occurred, then a determination is made on if there are more pages to review for the host computer 63C. If there are more pages, then the next page is identified 61E and the pre-defined data for that page is withdrawn from memory 62A.

[0075] Should there not be any more pages to review for that specific host computer 63C, then a determination is made on if there are any more host computers to review 63D. If there are, then the next host computer 61F is identified and that host computer's URL is obtained 61B. The program loops back 61B to repeat the process for this newly identified host computer.

[0076] If there are no more host computers to review 63D, then the program returns to the initial host computer 61A and the process continues.

[0077] In this manner, the contents of many different host computers are reviewed and refreshed by a single refresh computer.
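The compare-and-refresh cycle of FIGS. 5 and 6, as an added Python sketch that is not part of the patent: local directories stand in for the refresh computer's pre-defined data and for each hosting computer, and the function names are illustrative. It goes one step beyond the page-by-page comparison by also removing files on the host that have no pre-defined counterpart, mirroring the erase-and-replace behaviour of [0015].

```python
import hashlib
import tempfile
import threading
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(golden_root: Path) -> dict:
    """Map every pre-defined page (relative path) to its digest."""
    return {p.relative_to(golden_root).as_posix(): digest(p)
            for p in sorted(golden_root.rglob("*")) if p.is_file()}


def sweep_host(golden_root: Path, host_root: Path) -> list:
    """One pass over one host (61C-63C); returns (action, page) tuples."""
    manifest = build_manifest(golden_root)
    actions = []
    for page, want in manifest.items():
        target = host_root / page
        if not target.is_file():
            actions.append(("restored-missing", page))
        elif digest(target) != want:
            actions.append(("restored-altered", page))
        else:
            continue  # page matches the pre-defined data: leave it alone
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes((golden_root / page).read_bytes())
    # Assumption beyond FIG. 6: a file with no pre-defined counterpart is
    # treated as tampering and erased, as a full refresh would do.
    for p in sorted(host_root.rglob("*")):
        rel = p.relative_to(host_root).as_posix()
        if p.is_file() and rel not in manifest:
            p.unlink()
            actions.append(("removed-unexpected", rel))
    return actions


def sweep_all(hosts: dict) -> dict:
    """Cycle through every host (61A-63D); hosts: name -> (golden, host)."""
    return {name: sweep_host(g, h) for name, (g, h) in hosts.items()}


def run(hosts: dict, period_s: float, stop: threading.Event) -> None:
    """Repeat sweeps each period until the operator sets the stop event."""
    while not stop.is_set():
        for name, actions in sweep_all(hosts).items():
            for action, page in actions:
                print(f"{name}: {action} {page}")
        stop.wait(period_s)  # returns early if interrupted


def demo():
    """Constructed sample: one host whose pages are then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        golden = Path(tmp) / "refresh" / "shop"
        host = Path(tmp) / "hosting" / "shop"
        pages = {"index.html": b"<h1>Parts catalogue</h1>",
                 "order.html": b"<form>order</form>"}
        for root in (golden, host):
            root.mkdir(parents=True)
            for name, body in pages.items():
                (root / name).write_bytes(body)
        (host / "index.html").write_bytes(b"<h1>defaced</h1>")  # altered
        (host / "order.html").unlink()                          # deleted
        (host / "extra.html").write_bytes(b"planted page")      # planted
        first = sweep_all({"shop": (golden, host)})
        second = sweep_all({"shop": (golden, host)})
        return first, second, (host / "index.html").read_bytes()


if __name__ == "__main__":
    print(demo())
```

The second sweep in `demo()` returns no actions, which is the property of the FIG. 5 variant noted in [0069]: nothing is rewritten while the host still matches the pre-defined data.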

[0078] FIG. 7 is a block diagram of a system which places the refresh computer and the hosting computer within a single housing.

[0079] As noted earlier, housing 25 contains both hosting computer 22B and refresh computer 23B. Hosting computer 22B has its own CPU 70A which communicates with memory 72A and with the internet 76 via modem 71.

[0080] Refresh computer 23B has CPU 70B communicating with memory 72B. It is within memory 72B that the pre-defined data is stored. Input interface 73 permits user 75 to communicate data to CPU 70B. CPU 70B is able to display information for the user via display interface 74 which drives a visual monitor 76.

[0081] In this way, a single housing is used. The user is able to create the web-page via input interface 73, have it stored in memory 72B; thereafter, CPU 70B places this web-page into memory 72A for dissemination on the Internet 76 via modem 71 by CPU 70A; further, the webpage in memory 72A is refreshed by CPU 70B as outlined above to assure the integrity of the web-page.

[0082] It is clear that the present invention provides for a highly improved system for assuring that the integrity of publicly available information remains uncorrupted.

What is claimed is:
 1. A computer system comprising: a) a first computerhaving memory therein, said memory containing data being provided to aremote computer by said first computer via a computer network; and, b) asecond computer communicating with said first computer and having storedtherein a pre-determined informational packet, said second computerhaving means for automatically refreshing the memory of said firstcomputer with said pre-determined informational packet.
 2. The computersystem according to claim 1, wherein said second computer furtherincludes: a) means for identifying if the data within said firstcomputer is different than said predetermined informational packet; and,b) means, responsive to said means for identifying, for activating saidmeans for automatically refreshing the memory of said first computer. 3.The computer system according to claim 2, wherein said second computerand the first computer communicate via said computer network.
 4. Thecomputer system according to claim 2, wherein said second computer andthe first computer communicate via a second computer network.
 5. Thecomputer system according to claim 2, wherein said first computer andsaid second computer are within the same housing.
 6. The computer systemaccording to claim 1, wherein said means for automatically refreshingthe memory of said first computer is activated at defined timeintervals.
 7. The computer system according to claim 6, wherein saiddefined time interval is established by an operator of said secondcomputer.
 8. The computer system according to claim 1, a) wherein thememory of said first computer includes numerous sets of data; and, b)wherein said second computer includes, 1) numerous sets ofpre-determined information packets, each pre-determined informationpacket associated with a unique one of said numerous sets of data insaid memory of said first computer, 2) means for identifying which onesof said numerous sets of data within the memory of said first computerhave been altered, and, 3) means, responsive to said means foridentifying, for automatically refreshing any set of data within saidfirst computer which has been altered with an associated pre-determinedinformation packet.
 9. The computer system according to claim 1, whereinthe memory of said first computer includes remote-user data which hasbeen at least partially defined by a user of the remote computer viasaid computer network.
 10. The computer system according to claim 9,wherein said second computer includes: a) means for withdrawing saidremote-user data from the memory of said first computer; and, b) erasingsaid remote-user data within the memory of said first computer.
 11. Thecomputer system according to claim 10, where said second computerfurther includes means for adding said remote-user data to a memory ofsaid second computer.
 12. The computer system according to claim 11,wherein said means for withdrawing and said means for erasing areautomatically and periodically activated.
 13. A system comprising: a) afirst computer communicating information from memory to a remotecomputer via a computer network; and, b) a second computer automaticallyrefreshing the information within the memory of said first computer. 14.The system according to claim 13, wherein, prior to refreshing theinformation within the first computer, said second computer determinesif the information within the first computer is different than theinformation within said second computer.
 15. The system according toclaim 13, wherein said second computer refreshes the information withinthe first computer at defined time intervals.
 16. The system accordingto claim 15, wherein the memory of said first computer includesremote-user data which has been at least partially defined by a user ofthe remote computer.
 17. The system according to claim 16, wherein saidsecond computer includes: a) means for withdrawing said remote-user datafrom the memory of said first computer; and, b) erasing said remote-userdata within the memory of said first computer.
 18. The system accordingto claim 17, wherein said second computer further includes means foradding said remote-user data to a memory of said second computer.
 19. Anetwork of computers comprising: a) a network “permitting information tobe communicated between computers; b) at least one remote computer; c) ahosting computer having memory therein, said memory containing numeroussets of data, said hosting computer providing a selected one of saidsets of data to the remote computer via said network; and, d) a refreshcomputer communicating with said hosting computer, said refresh computerhaving, 1) numerous sets of pre-determined information packets, eachpredetermined information packet associated with a unique one of saidnumerous sets of data in the memory of said hosting computer, 2) meansfor identifying which ones of said numerous sets of data within thememory of said hosting computer have been altered, and, 3) means,responsive to said means for identifying, for automatically refreshingany set of data within said hosting computer which has been altered withan associated pre-determined information packet.
 20. The network ofcomputers according to claim 19, wherein said hosting computer and saidrefresh computer are within the same housing.
 21. The network ofcomputers according to claim 19, wherein he hosting computer and therefresh computer communicate via the network.
 22. The network ofcomputers according to claim 19, wherein the hosting computer and therefresh computer communicate via a second network.